Re: StackGuard

To: debian-devel@lists.debian.org
Subject: Re: StackGuard
From: Avery Pennarun <apenwarr@worldvisions.ca>
Date: Mon, 9 Nov 1998 15:31:08 -0500
Message-id: <[🔎] 19981109153108.A30276@worldvisions.ca>
In-reply-to: <[🔎] 19981109115548.A25102@wi.leidenuniv.nl>; from J.H.M. Dassen Ray" on Mon, Nov 09, 1998 at 11:55:48AM +0100
References: <[🔎] Pine.LNX.3.96.981109093058.4981A-100000@arena.sci.univr.it> <[🔎] 19981109115548.A25102@wi.leidenuniv.nl>

On Mon, Nov 09, 1998 at 11:55:48AM +0100, J.H.M. Dassen Ray" wrote:

> > I know...this could slow the system and possibly other side trouble
> > but...this is my opinion: avery maintainer could compile 2 version of the
> > same package: package.deb and package_sg.deb, so everyone can take the
> > version he prefer..
> 
> I don't think this should be made a burden on all maintainers. IMO, this
> falls in the same category as providing Pentium I/Pro/II optimised versions,
> debugging version, statically linked versions etc. That's not something an
> individual package maintainer should provide; it's much more akin to a port,
> and should be treated as such. If someone wants to do work on a Debian
> i386-StackGuard port, great.

Actually, only daemons running as root, and setuid programs would need to be
compiled with stackguard.  Other programs are just as vulnerable to stack
overflows, but there's not much point in me crashing my own copy of ls :)

Now, how many daemons are still around that run as root... as few as
possible  :)

Have fun,

Avery

Reply to:

Follow-Ups:
- Re: StackGuard
  - From: David Welton <davidw@gate.cks.com>

References:
- StackGuard
  - From: Enrico Cherubini <kevin@arena.sci.univr.it>
- Re: StackGuard
  - From: "J.H.M. Dassen \(Ray\)" <jdassen@wi.leidenuniv.nl>

Prev by Date: pgp signing in mutt
Next by Date: Re: libgtop0 ==> libgtop1?
Previous by thread: Re: StackGuard
Next by thread: Re: StackGuard
Index(es):
- Date
- Thread